Threats to Data and Information

Question 1

any potential danger to information or systems.

Answer 1

threat

Question 2

subject to serious threats that can have adverse effects on organizational operations (including missions, functions, image, or reputation), organizational assets, individuals, other organizations, and the government by compromising the confidentiality, integrity, or availability of information being processed, stored, or transmitted by those systems.

Answer 2

information systems

Question 3

Threats to information systems include

Answer 3

environmental disruptions,

human errors

purposeful attacks.

Question 4

Additional threats arise in the

Answer 4

system acquisition and code distribution processes

Question 5

Serious security problems have also resulted from

Answer 5

discarded or stolen systems

Question 6

It refers to the capability of an adversary coupled with his/her intentions to undertake any actions detrimental to the success of program activities or operations.

Answer 6

threat

Question 7

It is a natural or man-made occurrence, individual, entity, or action that has or indicates the potential to harm life, information, operations, the environment, and/or property.

Answer 7

threat

Question 8

It is a potential cause of an unwanted incident, which may result in harm to a system or organization.

Answer 8

threat

Question 9

It refers to any circumstance or event with the potential to cause harm to a system in the form of destruction, disclosure, modification of data, and/or denial of service.

Answer 9

security

Question 10

It is also any circumstance or event with the potential to adversely impact agency operations (including mission, functions, image, or reputation), agency assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service

Answer 10

security

Question 11

It also refers any circumstance or event with the potential to adversely impact organizational operations, organizational assets, individuals, other organizations, or the Nation through a system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

Answer 11

security

Question 12

it also refers to any circumstance or event with the potential to intentionally or unintentionally exploit one or more vulnerabilities in a system resulting in a loss of confidentiality, integrity, or availability.

Answer 12

security

Question 13

It is a potential cause of an incident, that may result in harm of systems and organization.

Answer 13

security

Question 14

It is a potential undesirable event, malicious or not, of:

Answer 14

compromise
corruption
denial of service

Question 15

e., theft of valuable or sensitive information or services),

Answer 15

compromise

Question 16

degradation/blocking of data, processing, or communications or an entity possessing the capability and intent to cause the above.

Answer 16

denial of service

Question 17

It is any circumstance or event with the potential to adversely impact the essential clinical performance of the device, organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, or other organizations through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

Answer 17

medical device

Question 18

Threats exercise vulnerabilities, which may impact the essential clinical performance of the device.

Answer 18

medical device

Question 19

It is an intentional or unintentional potential event that could compromise the security and integrity of the system.

Answer 19

biometrics

Question 20

measurement and statistical analysis of people’s unique physical and behavioral characteristics.

Answer 20

biometrics

Question 21

Threats are implemented by

Answer 21

threat agents

Question 22

It is also called a threat actor.

Answer 22

threat agent

Question 23

It refers to any person or thing that acts (or has the power to act) to cause, carry, transmit, or support a threat.

Answer 23

threat agent

Question 24

It also refers to an individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.

Answer 24

threat agent

Question 25

It is a system entity that performs a threat action, or an event that results in a threat action.

Answer 25

threat agent

Question 26

examples of threat agent

Answer 26

an intruder network through a port on the firewall
a process accessing data in a way that violates the security policy
insiders (including system administrators and developers)
malicious hackers
an employee making an unintentional mistake that could expose confidential information or destroy a file’s integrity
a tornado wiping out a facility
organized crime
terrorists
nation states

Question 27

It is about keeping data safe and affects anyone relying on a computer system

Answer 27

data security

Question 28

If the data on a computer system is damaged, lost, or stolen, it can lead to disaster.

Answer 28

data security

Question 29

6
keeping data secure

Answer 29

backup files
antivirus
log off after use
authorized personnel
passwords
safe file storage

Question 30

6 key threat to data security

Answer 30

corrupted
hacked
lost
destroyed
deleted
damaged

Question 31

10 Technical Data Threats

Answer 31

hacking
advance persistent threats
malware
misuse
mobile devices

cloud computing
cracking
data leakage
errors

third parties/ service providers

Question 32

6 non technical vulnerabilities

Answer 32

physical
insider threat
environmental

dumpster diving
social engineering
social media

Question 33

refers to an unauthorized user gaining access to a computer or a network

Answer 33

hacking

Question 34

a multi-billion dollar industry for cybercriminals and provides opportunities to extract data for political and monetary gains.

Answer 34

hacking

Question 35

trying to get into computer systems in order to steal, corrupt, or illegitimately view data.

Answer 35

cracking

Question 36

technique used to breach computer software or an entire computer security system, and with malicious intent.

Answer 36

cracking

Question 37

strictly used in a criminal sense (i.e., It is hacking but evil).

Answer 37

cracking

Question 38

reverse engineering of software, passwords or encryption, that could lead to unauthorized access to sensitive information.

Answer 38

cracking

Question 39

disrupts computer operations, gathers sensitive information, or gains access to a computer system to compromise data and information.

Answer 39

malware

Question 40

used to keep malware off of computers.

Answer 40

antivirus software
firewalls

Question 41

examples of malware

Answer 41

viruses,
worms,
spyware,
ransomware,
keyloggers and
backdoors,
but in reality malware can be any program that operates against the requirements of the computer user.

Question 42

Employees may take advantage of entrusted resources or privileges for a malicious or unintended purpose.

Answer 42

misuse

Question 43

Included in this category are administrative abuse, policy violations, and use of non-approved assets.

Answer 43

misuse

Question 44

system misconfigurations or programming errors can cause unauthorized access by cybercriminals.

Answer 44

errors

Question 45

can occur in-house due to faulty programming, or hackers can find loopholes that can cause errors as well.

Answer 45

errors

Question 46

Unauthorized electronic or physical transmission of data or information from within a company to an external destination or recipient could leave data in the wrong hands.

Answer 46

data leakage

Question 47

Storing unencrypted sensitive data with lax access controls leaves data stored in the cloud vulnerable to improper disclosure.

Answer 47

cloud computing

Question 48

With the growing amount of organizations and people using cloud computers, it is more important now than ever before to protect your information against hackers.

Answer 48

cloud computing

Question 49

carrying sensitive data can be lost or stolen, possibly causing data to fall into the wrong hands.

Answer 49

mobile devices

Question 50

are structured cyberattacks to extort or damage companies whose websites or online assets are a major source of revenue.

Answer 50

availability attacks

Question 51

a prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period of time.

Answer 51

Advanced Persistent Threats (APT)

Question 52

uses continuous and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged and potentially destructive period of time.

Answer 52

APT

Question 53

Hackers attack computer systems while avoiding detection and harvesting valuable information over a long period of time.

Answer 53

APT

Question 54

Theft, tampering, snooping, sabotage, vandalism, local device access, and assault can lead to a loss of data or information.

Answer 54

Physical

Question 55

Natural events such as tornadoes, power loss, fires, and floods pose hazards to the infrastructure in which data assets are located.

Answer 55

environmental

Question 56

Employees, contractors, or partners can commit fraud, espionage or theft of intellectual property.

Answer 56

insider threat

Question 57

Employees often fall victim to scams or reveal information not intended for public knowledge on social media.

Answer 57

social media

Question 58

Improper disposal of sensitive data could lead to improper disclosures of sensitive information just sitting in trash bins.

Answer 58

dumpster diving

Question 59

Having internal procedures when disposing of sensitive documents is crucial in preventing this kind of a non-technical vulnerability.

Answer 59

dumpster diving

Question 60

Attackers rely heavily on human interaction to gain access to company networks or systems, usually tricking users into breaking normal security procedures and revealing their account credentials.

Answer 60

social engineering

Question 61

It is the art of manipulating people so they give up confidential information.

Answer 61

social engineering

Question 62

10 Types of Information Security Threats for IT teams to know about

Answer 62

botnets
exploit kits
drive-by download attacks

distributed denial-of-service attacks
insider threats
viruses and worms
advanced persistent threat attacks

phishing attacks
ransomware
malvertising

Question 63

It is a malicious act that aims to corrupt or steal data or disrupt an organization’s systems or the entire organization.

Answer 63

security threat

Question 64

It refers to an occurrence during which company data or its network may have been exposed.

Answer 64

security event

Question 65

It is an event that results in a data or network breach.

Answer 65

security incident

Question 66

occurs when individuals close to an organization who have authorized access to its network intentionally or unintentionally misuse that access to negatively affect the organization’s critical data or systems.

Answer 66

insider threat

Question 67

Careless employees who do not comply with their organizations’ business rules and policies

Answer 67

insider threat

Question 68

source of insider threat

Answer 68

contractors
business partners
third party vendors

Question 69

(malware) aimed at destroying an organization’s systems, data and network.

Answer 69

viruses and worms

Question 70

is a malicious code that replicates by copying itself to another program, system or host file.

Answer 70

computer virus

Question 71

s a self-replicating program that doesn’t have to copy itself to a host program or require human interaction to spread.

Answer 71

computer worm

Question 72

collection of Internet-connected devices, including PCs, mobile devices, servers and IoT devices that are infected and remotely controlled by a common type of malware.

Answer 72

botnet

Question 73

malicious code is downloaded from a website via a browser, application or integrated operating system without a user’s permission or knowledge.

Answer 73

drive-by-download attacks

Question 74

type of information security threat that employs social engineering to trick users into breaking normal security practices and giving up confidential information, including names, addresses, login credentials, Social Security numbers, credit card information and other financial information.

Answer 74

phishing attacks

Question 75

multiple compromised machines attack a target, such as a server, website or other network resource, making the target totally inoperable.

Answer 75

DDoS attacks

Question 76

the victim’s computer is locked, typically by encryption, which keeps the victim from using the device or data that are stored on it.

Answer 76

ransomware

Question 77

programming tool that enables a person without any experience writing software code to create, customize and distribute malware.

Answer 77

exploit kit

Question 78

a targeted cyberattack in which an unauthorized intruder penetrates a network and remains undetected for an extended period of time.

Answer 78

advanced persistent threat attacks

Question 79

technique cybercriminals use to inject malicious code into legitimate online advertising networks and web pages.

Answer 79

malvertising

Question 80

This code typically redirects users to malicious websites or installs malware on their computers or mobile devices.

Answer 80

malvertising